Strongbit ExeCryptor Version 2.3.9 review

A new way to stop crackers ripping off your software

Jump to Section:

Our Verdict

An indispensable programming tool at a very reasonable price

For

Impressive Code Morphing system

Worked perfectly on test

Reasonable price

Software developers frequently invest little time and effort in software protection. That's unfortunate because, if an application becomes popular, it will undoubtedly attract the unwelcome attentions of the 'cracker' community.

When developers do get around to adding protection, they often fail to realise that - no matter how sophisticated the protection - a few judicious patches can often crack it. Even tools that compress and encrypt are vulnerable; crackers use a debugger to extract the decrypted code.

ExeCryptor takes a radically different approach, which is based on something called Code Morphing. The creators of ExeCryptor realised that compressing and encrypting the code simply makes it more inaccessible; the code itself hasn't been changed, and a skilled cracker can still get to it.

Instead, Code Morphing relies on the fact that many x86 CPU instructions have predictable side effects that are unrelated to the primary purpose of the instruction. Believe it or not, it's possible to turn a perfectly valid sequence of machine code instructions into what looks like complete gibberish - and yet have the gibberish achieve exactly the same result when executed.

In addition to this, ExeCryptor also has a virtualisation system that works like P-Code - parts of the original program code are converted into P-Code and executed by a tiny interpreter. You can determine how much virtualisation takes place. The result from the cracker's perspective? More gibberish.

This is all very clever indeed. Think of it as taking a passage in English and translating it into Swahili. The essential meaning stays the same, and the CPU can understand Swahili, but our intrepid cracker can't.

We tried ExeCryptor on a number of non-trivial applications, including the Delphi 5 IDE. They all worked perfectly after obfuscating - which is effectively what's happening here - but when we looked at the resulting EXE files under IDA Pro disassembler, all we could see was a mass of random nonsense.

There's heavy protection against running inside a debugger, and the Professional version of ExeCryptor also adds serial number checking. You can also obfuscate DLL's, BPL files (Delphi packages) and more, in addition to EXE files. All of which makes this an indispensable programming tool at a very reasonable price. Dave Jewell